Unable to route through new interface
We have a very strange issue where we are spinning up a new interface, just like we did with our 30 previous interfaces.
FW1 Interface IP: 192.168.120.1/24
FW2 Interface IP: 192.168.120.2/24
CARP IP: 192.168.120.254/24
The CARP IP properly replicated, FW1 is the Master and FW2 is Backup.
I can ping the individual firewall IPs, but not the CARP IP. It's not a rule issue, as I can add an ANY/ANY and the behavior does not change.
It's not a routing or a switch VLAN issue, as I can see all MACs on all our switches. The firewall interfaces can ping each other, and I can ping external IPs from the firewall.
There are no floating rules that have this subnet in scope.
At this point I am at a loss and don't know where to proceed. Like I mentioned, we have had no issues bringing any of our previous subnets online. But even after destroying and recreating everything, the issue persists.
viragomann last edited by
When you ping the CARP VIP from a connected device, it will first send an ARP request which the master should respond to.
So to investigate, sniff the traffic and check for ARP packets and whether pfSense sends a response.
If there is no ARP request, check the ARP table on the device you're pinging from for an already existing entry.
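
The check suggested in the reply above, as an added example that is not part of the thread: it classifies the ARP traffic for the CARP VIP in a text capture. It assumes the capture was saved from `tcpdump -e -n arp`; the client address, MAC addresses and capture lines are constructed, and it relies on CARP's virtual MAC format `00:00:5e:00:01:<VHID>`.

```python
import re

# Line shapes printed by `tcpdump -e -n arp` (assumed capture format).
REQ = re.compile(r"Request who-has (\S+)(?: \(\S+\))? tell (\S+),")
REP = re.compile(r"Reply (\S+) is-at ([0-9A-Fa-f:]{17})")
CARP_MAC_PREFIX = "00:00:5e:00:01:"  # CARP virtual MAC; the last octet is the VHID


def diagnose(lines, vip):
    """Classify the ARP traffic for `vip` seen in a text capture."""
    requests, reply_macs = 0, []
    for line in lines:
        req = REQ.search(line)
        rep = REP.search(line)
        # Skip gratuitous ARP announcements sent by the VIP itself.
        if req and req.group(1) == vip and req.group(2) != vip:
            requests += 1
        elif rep and rep.group(1) == vip:
            reply_macs.append(rep.group(2).lower())
    if not requests and not reply_macs:
        # Nothing on the wire: the client may be using an existing ARP entry.
        return "no-arp-request"
    if not reply_macs:
        # Clients ask for the VIP but the master never responds.
        return "request-unanswered"
    if all(mac.startswith(CARP_MAC_PREFIX) for mac in reply_macs):
        return "answered-by-carp-mac"
    # Something other than the CARP virtual MAC claims the VIP.
    return "answered-by-other-mac"


# Constructed sample: the interface IP resolves, the VIP request gets no reply.
CAPTURE = """\
12:00:01.000000 aa:bb:cc:00:00:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.120.1 tell 192.168.120.50, length 28
12:00:01.000200 aa:bb:cc:00:00:01 > aa:bb:cc:00:00:10, ethertype ARP (0x0806), length 60: Reply 192.168.120.1 is-at aa:bb:cc:00:00:01, length 46
12:00:02.000000 aa:bb:cc:00:00:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.120.254 tell 192.168.120.50, length 28
12:00:03.000000 aa:bb:cc:00:00:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.120.254 tell 192.168.120.50, length 28
""".splitlines()

if __name__ == "__main__":
    print(diagnose(CAPTURE, "192.168.120.254"))
```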